A so called man-in-the-middle attack constitutes a big security risk regarding authentication utilizing networks for data and/or telecommunication. In a networked environment, the need to properly authenticate the communicating parties has become more and more crucial. Network spoofing has become a huge security risk, and must be mitigated.
A communications module, named Hermes to the applicant of the present invention, has the capability of enabling its clients to communicate covertly, through the use of encryption. Each new connection begins with a session key establishment. Currently, this is accomplished using the Diffie-Hellman key agreement protocol. A major drawback with this algorithm is that it does not authenticate the parties that are agreeing upon a common key. Thus, a malicious party may secretly establish an encryption key between two parties and none is the wiser. This is generally called a man-in-the-middle attack (MITM). In general, a MITM attack can defeat any protocol that does not involve some sort of shared secret between authenticating parties.
Authentication is the process of establishing the identity of an entity or more pragmatically, verifying that a user is who he or she claims to be. Authentication is one of the cornerstones of computer security. Only with proper authentication can reliable traceability be achieved in a system.
Traditionally, user credentials are represented as a user id and password pair. The user id is who you claim to be and the password is used to ascertain the veracity of that claim. Passwords are usually used as a shared secret between the authenticating entity and the entity wishing to prove his or hers knowledge of the shared secret. The password is sometimes referred to as the authenticator. Passwords are by far the most used form of authentication, believed to represent 95% of all authentication mechanisms out on the field.
Public-key cryptography offers the ability of associating a user with a cryptographic key pair, e.g. using the RSA algorithm. Assuming key sizes have been appropriately chosen, this authentication mechanism is very powerful as it is generally very hard to defeat. However, public-key cryptography is not a panacea. There are a number of issues associated with it, such as how to protect the private key and how to securely administrate all the keys.